Set up DNS over TLS for adguard

Lillian Violet 2024-12-15 15:22:29 +01:00
parent 24b4b45907
commit 552f606563


@ -62,12 +62,60 @@
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well.
networking.nameservers = [
"94.140.14.49"
"94.140.14.59"
"2a10:50c0:0:0:0:0:ded:ff"
"2a10:50c0:0:0:0:0:dad:ff"
"127.0.0.1"
"::1"
];
services.stubby = {
enable = true;
settings =
pkgs.stubby.passthru.settingsExample
// {
upstream_recursive_servers = [
{
address_data = "94.140.14.49";
tls_auth_name = "4b921896.d.adguard-dns.com";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
}
];
}
{
address_data = "94.140.14.59";
tls_auth_name = "4b921896.d.adguard-dns.com";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
}
];
}
{
address_data = "2a10:50c0:0:0:0:0:ded:ff";
tls_auth_name = "4b921896.d.adguard-dns.com";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
}
];
}
{
address_data = "2a10:50c0:0:0:0:0:dad:ff";
tls_auth_name = "4b921896.d.adguard-dns.com";
tls_pubkey_pinset = [
{
digest = "sha256";
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
}
];
}
];
};
};
services.openssh = {
enable = true;
# require public key authentication for better security
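Review bot: The `networking.nameservers` list at the top of the hunk still shows the four AdGuard addresses ahead of `127.0.0.1` and `::1`; the page has lost its +/- markers, so this assumes they remain on the new side. If they do, the system resolver will query those addresses directly over plain port 53 and, since glibc only uses the first three entries, may never reach the local stubby listener, so the TLS upstreams and the pinset below would not protect any lookups. Listing only the loopback addresses, `networking.nameservers = [ "127.0.0.1" "::1" ];`, forces all queries through stubby. The comment above the list still says Cloudflare and Google, and could read `# Send all queries to the local stubby resolver (DNS over TLS to AdGuard)`. Because the settings are merged over `settingsExample`, it is also worth setting `tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";` explicitly rather than inheriting it.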